If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. Only MAM is added for users in that group when they workplace join personal device. Devices are not automatically MDM enrolled.
So is it possible to have auto-enrolled MDM through AzureAD/Intune with Auto-Pilot while also having automatic MAM for non-windows devices?
It almost seems as if the AzureAD MAM page has bad wording -
"MAM User Scope" makes sense - but MDM scope should be an OR for "Device/User/Device+User"